HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)
Table Of Contents
- HP CIFS Server Administrator Guide Version A.03.01.03
- Contents
- About this document
- 1 Introduction to the HP CIFS Server
- 2 Installing and configuring HP CIFS Server
- HP CIFS Server requirements and limitations
- Step 1: Installing HP CIFS Server software
- Step 2: Running the configuration script
- Step 3: Modify the configuration
- Step 4: Starting HP CIFS Server
- Other Samba configuration issues
- 3 Managing HP-UX file access permissions from Windows NT/XP/2000/Vista/Windows 7
- Introduction
- UNIX file permissions and POSIX ACLs
- Using the Windows NT Explorer GUI to create ACLs
- Using the Windows Vista Explorer GUI to create ACLs
- POSIX ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- HP CIFS Server Directory ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- In conclusion
- 4 Windows style domains
- Introduction
- Configure HP CIFS Server as a PDC
- Configure HP CIFS Server as a BDC
- Domain member server
- Create the Machine Trust Accounts
- Configure domain users
- Join a Windows client to a Samba domain
- Roaming profiles
- Configuring user logon scripts
- Home drive mapping support
- Trust relationships
- 5 Windows 2003 and Windows 2008 domains
- 6 LDAP integration support
- Overview
- Network environments
- Summary of installing and configuring
- Installing and configuring your Directory Server
- Installing LDAP-UX Client Services on an HP CIFS Server
- Configuring the LDAP-UX Client Services
- Enabling Secure Sockets Layer (SSL)
- Extending the Samba subschema into your Directory Server
- Migrating your data to the Directory Server
- Configuring the HP CIFS Server
- Creating Samba users in directory
- Management tools
- 7 Winbind support
- 8 Kerberos support
- 9 HP CIFS deployment models
- Introduction
- Samba Domain Model
- Windows Domain Model
- Unified Domain Model
- 10 Securing HP CIFS Server
- 11 Configuring HA HP CIFS
- 12 HP-UX configuration for HP CIFS
- 13 Tool reference
- Glossary
- Index
6 LDAP integration support
This chapter describes the HP CIFS Server with LDAP integration. It includes benefits of LDAP,
procedures to install, configure and verify the HP Netscape Directory Server, HP LDAP-UX Integration
product and HP CIFS Server software. It contains the following sections:
• “Overview” (page 78)
• “Network environments” (page 79)
• “Summary of installing and configuring” (page 81)
• “Installing and configuring your Directory Server” (page 81)
• “Installing LDAP-UX Client Services on an HP CIFS Server” (page 82)
• “Configuring the LDAP-UX Client Services” (page 82)
• “Enabling Secure Sockets Layer (SSL)” (page 86)
• “Extending the Samba subschema into your Directory Server” (page 88)
• “Migrating your data to the Directory Server” (page 89)
• “Configuring the HP CIFS Server” (page 92)
• “Creating Samba users in directory” (page 94)
• “HP CIFS management tools” (page 158)
Overview
Lightweight Directory Access Protocol (LDAP) provides a framework for the development of a
centralized management infrastructure. LDAP supports directory enabled computing by consolidating
applications, services, user accounts, Windows account and configuration information into a
central LDAP directory.
Samba customer sites with large numbers of users and servers may want to integrate the HP CIFS
Server with LDAP support. Configuring multiple HP CIFS servers to communicate with the LDAP
directory server provides a centralized and scalable management of user databases. When you
integrate the HP CIFS Server with the LDAP-UX Integration product on HP-UX, the HP CIFS Server
can store user accounts information on the Netscape Directory Server. The LDAP database can
replace /etc/passwd or NIS and smbpasswd or NT server user databases.
The LDAP directory can be used to store the Windows user information which had previously been
stored in the smbpasswd file. When the HP CIFS Server is configured to use the LDAP integration,
the SMBD program will use the LDAP directory to look up the Windows user information during
authentication and authorization processes. Also, when you invoke the smbpasswd program to
add, delete or change Windows user information, updates are made in the LDAP user database
rather than the smbpasswd file.
You can enable the LDAP support with configuration parameters provided by the HP CIFS Server.
HP CIFS Server will access an LDAP directory server for password, user, group, and other data
when you specify the smb.conf passwd backend parameter to ldapsam.
You can configure the ldap ssl parameter specified in the smb.conf file to enable the Secure
Sockets Layer (SSL) support. With the SSL support, the HP CIFS Server allows you to access an SSL
enabled LDAP directory to protect passwords over the network and to ensure confidentiality and
data integrity between CIFS servers and the LDAP directory server.
NOTE: While the HP CIFS Server may operate satisfactorily with other LDAP products, HP only
provides LDAP support for the HP CIFS Server with HP LDAP-UX Integration, J4269AA, HP Netscape
Directory Server, J4258CA, or HP Red Hat Directory Server, NSDirSvr7, product configurations.
78 LDAP integration support